This is a great time to launch a self-service initiative as a way to improve your security program without making costly new commitments. Especially with team members working remotely, freer access to data can improve efficiencies and speed up remediation of risks like cloud misconfigurations and visibility gaps. If you take advantage of this crazy time to squeeze more value from your security data, that’s a silver lining to this gloomy cloud.
What is Data Democratization?
Popular data science author Bernard Marr put it well when he wrote:
Data democratization means that everybody has access to data and there are no gatekeepers that create a bottleneck at the gateway to the data. It requires that we accompany the access with an easy way for people to understand the data so that they can use it to expedite decision-making and uncover opportunities for an organization. The goal is to have anybody use data at any time to make decisions with no barriers to access or understanding.
Democratization works in this field because the IT and data engineering teams that collect and prepare the data can’t know as well as the stakeholders themselves what questions will be asked. Most of these stakeholders are not engineers with production access. When they can get independent access to raw data about the environment, together with tools to turn data into actionable insights, they become more productive.
While this trend is well established in domains such as marketing and finance, cybersecurity teams have lagged behind. Wondering how your team measures up? Check how many Business Intelligence (BI) tool licenses your security team uses today.
Wait! How did you check how many BI licenses your team is using? If you had to Slack a buddy in IT or open a service desk ticket, you’ve turned your friend into an unintentional middleman. She didn’t sign up for that job.
Setting aside the time she had to take out of her day to get you the information, consider the delay you experienced and the manual effort required to copy usage statistics in this case from a report in the vendor’s admin console into the ticket, and from there to a spreadsheet or email where you can view the results. And that’s the best case flow as it assumes that your team members are properly grouped and classified in the vendor’s user registry. Otherwise, this simple request for information would require your friend in IT to compare names one by one from a list of your team members to the vendor’s licensed users.
As lame as that process sounds, it’s the status quo for many daily tasks at security teams. In too many cases, the people responsible for ensuring that systems are monitored, vulnerabilities are patched, and activity is authorized cannot track this information themselves.
Self-Service for Security Compliance
Security Governance, Risk and Compliance (GRC) is meant to ensure that the business sets standards not just for how it protects data and systems, but that these standards are being met. That’s a nice idea but in practice there’s a constant vigilance required to minimize the gaps between the desired and actual.
Especially in cloud-centric infrastructure where frequent deployments and changes are the norm, traditional compliance strategies involving quarterly reviews with spreadsheets and manual checks are not just wasteful- they put the company at risk.
Self-service GRC dashboards cut out the middleman. They bring data democratization to the world of risk and compliance, helping to answer questions faster and more efficiently. Data-driven risk reduction can give a big boost to any security program.
I’ve seen this happen within Snowflake, where the GRC team has embraced data analytics wholeheartedly to amazing success. Our lean and mean compliance team uses BI to maintain a huge roster of certifications and met stringent customer demands. The team members might not have been trained as data scientists but they’re not afraid of working with data. The gorgeous dashboards that they create for themselves, coworkers, customers, and prospects, present a view into the state of compliance at Snowflake that no vendor could have created “off the shelf”.
Self-service dashboards work better than canned reports the same way that a tailored suit or dress fits so much better than one bought off the shelf. And unlike custom-fitted clothing, custom BI doesn’t carry an inflated price tag.
Getting the Data
If your company already uses Snowflake, most of the ingredients for self-service compliance are already in place. Your data org has already purchased a BI tool such as Tableau, Looker or Sigma. That just leaves getting the relevant datasets into Snowflake.
Luckily, Snowflake Data Exchange makes it easy to access up-to-date compliance data from your cloud environment. As described in “Cloud Visibility For Your Security Data Lake”, Lacework’s Data Exchange integration means that they’ll continuously scrape AWS, Azure and GCP APIs on your behalf and make configuration issues available through a zero-copy data share to your Snowflake.
Lacework customers solve the missing data collection piece of the self-service compliance stack by requesting their data to be shared via Data Exchange on snowflake.com or within their Snowflake console.
Clicking on the Lacework listing brings up details on the dataset that can be made available via data sharing. There is no additional cost for Lacework customers to request their data on Snowflake.
Shared data in Snowflake is always up to date with what the vendor has available, so once the share is established and members of the compliance team are granted access both in Snowflake and in BI, it’s time to get cooking.
Start Building for Self-Service
Every company has a unique set of crown jewels to protect, customers to satisfy, and risks to tolerate. That’s one reason why you can’t expect a vendor to build this stuff for you. Still, there’s value in walking through a sample self-service dashboard to help you plan your own.
First, here’s what not to do: don’t create Top 10 lists just because you can.
Instead, set aside the data and consider what questions you’re most concerned with answering. For our sample dashboard, these will be:
- Does our cloud environment currently have high-risk issues?
- Are we reducing our cloud risk over time?
- Are compliance violations fixed within our established SLAs?
Each of these questions can be encoded as a SQL statement or view. A BI tool can make it easier to filter and visualize reports so that dashboards don’t need an interpreter. The message should be clear and actionable.
When completed, the dashboard might look something like this:
Click here to open this compliance dashboard on your computer or phone.
A single dashboard can cover data from multiple vendors and tools. Custom dashboards should be designed to be actionable, meaning the viewer easily understands the problem and what needs to be addressed. Metrics should provide a sense of accomplishment for a job well done- recognition that’s sorely missing in security organizations today.
When you empower everyone across the organization to build and analyze visualizations based on any finding, alert or dataset, you’ll be amazed by the results.